Malicious code in CCleaner compromised more than 2 million computers

PUBLISHED Mon, September 18, 2017 - 6:35pm EDT
Screenshot of CCleaner (Credit: Piriform)

Malicious code was inserted into a version of computer clean-up tool CCleaner, creating a backdoor in more than 2 million computers and potentially allowing those responsible to take control of the devices, the company said on Monday.

The breach was discovered on September 12 when Piriform - the company that created CCleaner - found that its software was sending data to an unknown IP address. An investigation revealed that two programs released in August had been "illegally modified" before being released to the public.

The breach affects CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 on 32-bit Windows systems. About 2.27 million computers are believed to have installed the compromised software, although it's still unclear whether hackers took control of any of the devices.

In a technical description, the company explained that CCleaner.exe had been modified to create a two-stage backdoor capable of running code sent by those responsible. The backdoor also sent encrypted data to the hackers, providing them with the computer's name, a list of installed software including Windows updates, a list of running processes, MAC addresses, and the status of administrator privileges.

Paul Young, the vice president of products at Piriform, said in a blog post on Monday that the server used by the hackers was taken down and other potential servers are 'out of their control.' Users of version 5.33.6162, however, have been advised to update to the latest version while users of CCleaner Cloud received an automatic update.

"At this stage, we don’t want to speculate how the unauthorized code appeared in the CCleaner software, where the attack originated from, how long it was being prepared and who stood behind it," Young said. "The investigation is still ongoing. We want to thank the Avast Threat Labs for their help and assistance with this analysis."

Young apologized to users of CCleaner and said the company is taking "detailed steps internally" to prevent such a breach from happening again. "If you have not already done so, we encourage you to update your CCleaner software to version 5.34 or higher," he added.

CCleaner was first released in 2003 and allows people to delete temporary or potentially unwanted files to help optimize their computer. Piriform, which was acquired by Avast in July, says CCleaner has been downloaded more than 2 billion times, with an average of 5 million new users every week.

  London, England     




